ISMS Policy

The main theme of the TS EN ISO 27001:2013 Information Security Management System at HASAT BNO GRUP GIDA YEMEK HAYVANCILIK TEKSTİL İNŞAAT SANAYİ TİCARET ANONİM ŞİRKETİ is that the top management implements the Information Security Management System in accordance with the requirements specified in ISO/IEC 27001 to achieve the objectives and policies set within the scope of ISO 27001. As a result of this commitment, the company organizes information security awareness programs across the organization and continues its infrastructure investments.

When establishing the ISMS (Information Security Management System), the top management appoints the ISMS Manager through an official appointment letter. If the ISMS Manager changes or leaves the position, the top management revises the document and reappoints the position. The authority to appoint and change the ISMS Manager lies with the top management.

In this regard, the purpose of our ISMS Policy is to:

• Manage information assets, identify the security values, needs, and risks of the assets, and develop and implement controls for security risks.
• Define the framework for determining the security needs, vulnerabilities, threats to the assets, and the frequency of these threats concerning the values of the information assets.
• Define a framework for assessing the impacts of threats on the confidentiality, integrity, and availability of assets.
• Establish the principles for processing risks.
• Continuously monitor risks by reviewing technological expectations within the service scope context.
• Fulfill national or international regulations, legal and relevant legislative requirements, obligations arising from agreements, and corporate responsibilities towards internal and external stakeholders.
• Reduce the impact of information security threats on service continuity and contribute to continuity.
• Have the capability to respond swiftly to potential information security incidents and minimize the impact of such incidents.
• Maintain and improve the level of information security over time with a cost-effective control infrastructure.
• Enhance the institution’s reputation and protect it from negative impacts based on information security.
• Ensure the continuity of the Information Security Management System.
• Continuously improve the Information Security Management System.